Defining Target Scope

New in v0.9.0: To scan a single IP address or host, use --target. It accepts a single target and works in conjunction with --exempt-list if specified.

[db-1] recon-pipeline> scan HTBScan --target 10.10.10.183 --top-ports 1000
...

To scan more than one host at a time, the pipeline expects a file describing the target's scope, passed as the argument to the --target-file option. The target file can contain domains, IP addresses, and IP ranges, one per line, and the three kinds can be mixed within the same file.

tesla.com
tesla.cn
teslamotors.com
...

Some bug bounty scopes have expressly verboten subdomains and/or top-level domains; for those there is the --exempt-list option. The exempt list follows the same rules as the target file.

shop.eu.teslamotors.com
energysupport.tesla.com
feedback.tesla.com
...
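
A pre-flight check of a target file against an exempt list before a scan is started, as an added example that is not part of recon-pipeline. It assumes ranges are written in CIDR notation and that a listed domain also covers its subdomains; the function names and the sample file contents (including the deliberately misspelled last exempt entry) are constructed for illustration.

```python
import ipaddress

def parse(line):
    """Classify one scope-file line as ('ip', addr), ('range', net) or ('domain', name)."""
    line = line.strip()
    try:
        return "ip", ipaddress.ip_address(line)
    except ValueError:
        pass
    try:
        # Assumption: IP ranges are written in CIDR notation.
        return "range", ipaddress.ip_network(line, strict=False)
    except ValueError:
        return "domain", line.lower().rstrip(".")

def load(text):
    """Parse a scope file: one entry per line, blank lines ignored."""
    return [parse(l) for l in text.splitlines() if l.strip()]

def covered(entry, scope):
    """True if a parsed entry falls under any entry in scope."""
    kind, val = entry
    for skind, sval in scope:
        if kind == "domain" and skind == "domain":
            # Assumption: a listed domain also covers its subdomains.
            if val == sval or val.endswith("." + sval):
                return True
        elif kind == "ip" and skind == "ip" and val == sval:
            return True
        elif kind == "ip" and skind == "range" and val in sval:
            return True
        elif kind == "range" and skind == "range":
            if val.version == sval.version and val.subnet_of(sval):
                return True
    return False

def in_scope(host, targets, exempt):
    """A host is scannable only if a target covers it and no exemption does."""
    entry = parse(host)
    return covered(entry, targets) and not covered(entry, exempt)

def stray_exemptions(targets, exempt):
    """Exempt entries that no target covers: usually a typo in one of the files."""
    return [str(v) for k, v in exempt if not covered((k, v), targets)]

# Constructed sample files in the one-entry-per-line format described above.
TARGETS = load("tesla.com\nteslamotors.com\n10.10.10.0/24\n")
EXEMPT = load("feedback.tesla.com\nshop.eu.teslamotors.com\n"
              "10.10.10.183\nfeedback.tesla.comm\n")
```

An exempt entry reported by stray_exemptions protects nothing, so correct it before relying on the exempt list to keep a forbidden host out of the scan.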